Comment by ljm
1 day ago
Fundamentally, I think the issue is more about technical literacy amongst the political establishment who consistently rely on the fallacy that having nothing to hide means you have nothing to fear. Especially in the UK which operates as a paternalistic state and enjoys authoritarian support across all parties.
On the authoritarianism: these laws are always worded in such a way that they can be applied or targeted vaguely, basically to work around other legislation. They will stop thinking of the children as soon as the law is put into play, and it's hardly likely that pedo rings or rape gangs will be top of the list of priorities.
On the technical literacy: the government has the mistaken belief that their back door will know the difference between the good guys (presumably them) and the bad guys, and the bad guys will be locked out. However, the only real protection is security by obscurity: it's illegal to reveal that this backdoor exists or was even requested. Any bad guy can make a reasonable assumption that a multinational tech company offering cloud services has been compromised, so this just paints another target on their backs.
I've said it before, but I guarantee that the monkey's paw has been infinitely curling with this, and it's a dream come true for any black or grey hat hacker who wants to try and compromise the government through a backdoor like this.
It's not literacy. They don't care. They need control, and if establishing control means increased risks for you, it's not something they see as a negative factor. It's your problem, not theirs.
The government put in restrictions against using certain powers in the Investigatory Powers Act to spy on members of parliament (unless the Prime Minister says so, section 26), so I think they're just oblivious to the risk model of "when hackers are involved, the computer isn't capable of knowing the order wasn't legal".
https://www.legislation.gov.uk/ukpga/2016/25/section/26
Absolutely not, MPs are not too stupid to process the concept of “a back door is a back door” they simply want this power and do not care about security or privacy if non-MPs. Everyone who voted for this needs to be thrown out of politics, but that will obviously not happen.
That actually shows they understand and care because they don't want the law to apply to them. They don't care about its effects on other people.
5 replies →
They don't even need control. They want control. Why? Either they're idiots who think they need control or they are tyrants who know they'll need control later on when they start doing seriously tyrannical things.
> Why? Either they're idiots who think they need control or they are tyrants
Many politicians are individuals without any talent who desire power and control, politics is the only avenue open to people like that.
It's natural for the government to want control. It's literally what it is optimized for - control. More control is always better than less control. More data about subjects always better than less data. What if they do something that we don't want them doing and we don't know? It's scary. We need more control.
> they'll need control later on when they start doing seriously tyrannical things.
You mean like when they start jailing people for social media posts? Or when they are going to ban kitchen knives? Or when they're going to hide a massive gang rape scandal because it makes them look bad? Or when they would convict 900+ people on false charges of fraud because they couldn't admit their computer system was broken? Come on, we all know this is not possible.
It's the latter.
1 reply →
opinion: any government that "needs" such control, is an enemy of the people and must be abolished, and anyone can morally and ethically do so
Well it’s important that the argument is correct. They view ending end-to-end encryption as a way to restore the effectiveness of traditional warrants. It isn’t necessarily about mass surveillance and the implementation could prevent mass surveillance but allow warrants.
I oppose that because end to end encryption is still possible by anyone with something to hide, it is trivial to implement. I think governments should just take the L in the interest of freedom.
4 replies →
Agreed.
I used to think it was illiteracy, but when you hear politicians talk about this you realise more often than not they're not completely naive and can speak to the concerns people have, but fundamentally their calculation here is that privacy doesn't really matter that much and when your argument for not breaking encryption based around the right to privacy you're not going to convince them to care.
You see a similar thing in the UK (and Europe generally) with freedom of speech. Politicians here understand why freedom of speech is important and why people some oppose blasphemy laws, but that doesn't mean you can just burn a bible in the UK without being arrested for a hate crime because fundamentally our politicians (and most people in the UK) believe freedom from offence is more important than freedom of speech.
When values are misaligned (safety > privacy) you can't win arguments by simply appealing to the importance of privacy or freedom of speech. UK values are very authoritarian these days.
"Especially in the UK which operates as a paternalistic state and enjoys authoritarian support across all parties."
What is a "paternalistic state". I studied Latin so obviously I understand pater == father but what is a father-like state?
What on earth is: "authoritarian support across all parties".
The UK has one Parliament, four Executives (England, Northern Ireland, Scotland, Wales) and a Monarch (he's actually quite a few Monarchs).
Anyway, I do agree with you that destroying routine encryption is a bloody daft idea. It's a bit sad that Apple sold it as an extra add on. It does not cost much to run openssl - its proper open source.
Paternalism, unless I'm mistaken, is a belief among those in power that they what's best for you, better than you do, and will exercise power on your behalf in that manner. Just like your parents do when you're a child.
Government knows what’s best for the people (colloquially we call it the nanny state).
All our main political parties have an authoritarian slant so these policies have rarely received long-lasting opposition. Literally every government in office for the past 30-odd years has presented legislation like this.
In medicine, a paternalistic attitude towards the patient from a point of authority (like a father) The doctor acts as if he knows more and knows what is better. The patient has his own preferences and priorities, but they don't necessarily match with what the doctor does.
I suppose a paternalistic state functions to satisfy the needs of the people, and to define those needs. The people get what the state says is best for them.
What the politicians want is partial security: something they can crack but criminals can't. That is achievable in physical security, but not in cybersecurity.
I have a feeling the politicians already know partial cybersecurity isn't an option, and don't care. Certainly, the intelligence community advising them absolutely does know. We don't even have to be conspiratorial about it: their jobs are easier in the world where secrets are illegal than in the world where hackers actually get stopped.
> That is achievable in physical security, but not in cybersecurity.
Not with physical security either, I'm afraid.
With physical security the state apparatus can provide physical security in the form of police and what not, as well as deterrence and punishment.
In the world of cryptography it's... a bit harder to do something similar. In the best case they can come up with a key escrow system that doesn't suck too much, force you to use it, and hopefully they don't ever get the master keys hacked and stolen or leaked. But they're not asking for key escrow. They're asking for providers to be the escrow agents or whatever worse thing they come up with.
> That is achievable in physical security, but not in cybersecurity
This isn't accurate though, and leads us down the path of trying to prevent these bad laws from a technical perspective when we should be fighting the principle of the bad law not just decrying it for being "unworkable".
It is possible to construct encryption schemes with a "backdoor key" while still being provably secure against anyone else.
This creates precisely the "partial security" you describe: Criminals can't crack the encryption, but the government can use their backdoor-key.
But like those who argue online age-consent schemes can't work, it doesn't help to argue against the technical aspects of such bad laws. The law, particularly UK law, doesn't care for what's technically possible. The bad laws can sit on the books regardless of the technical feasibility of enforcement. Eventually technology can catch up, or the law can simply be applied on a best endeavours / selective enforcement approach.
> This creates precisely the "partial security" you describe: Criminals can't crack the encryption, but the government can use their backdoor-key.
No, it doesn't. Now criminals just have to get the key. These schemes have been tried many times. They've been discovered by actors that shouldn't have access to them.
Please don't go around advising government leaders and organizations. This is exactly the problem solving capabilities of governmental leaders that security experts are decrying here in this thread.
I honestly though get you're comment was going to go along the lines of perfect physical security can only be perfectly secure from everyone, including the people it shouldn't be. We constantly see the hacking oh physical locations. The big things keeping some orgs from being attacked: redundancy, observability, and ENCRYPTION WITHOUT BACKDOORS!
And what happens when someone in the government inevitably leaks the key either intentionally or because of a hack?
> that having nothing to hide means you have nothing to fear
hopefully the US turning from leader of the free world to Russia's tool will give them the kick they need to realise that just because you trust the government now doesn't mean you trust the next government or the one after it.
You probably don't want to look up which US President tried to force Apple to insert an encryption back door into iPhones back in 2015.
However, Google did only start moving to protect location data from subpoenas after people started to worry that location data could be used as a legal weapon against women who went to an abortion clinic, so your larger point stands.
That would be none, as it was the FBI, operating independently (as it's supposed to), which tried to force the issue. They even tried to go to Congress but found little support for their stunt. I'm not even sure Obama ever spoke in support of the backdoor, much less used any political power to make it a reality.
5 replies →
Points about Russia or partisan politics aside, there are now at least 10M people living in the US who have a very strong incentive to hide all their data from the executive branch. That's to say nothing of the countless millions who might want to help them.
The demand for encryption just exploded, in a legal gray area (city, state, and federal laws seem to be in conflict here) it's just a question of whether governments allows the supply to follow.
> hopefully the US turning from leader of the free world to Russia's tool
So much humour in one short phrase.
Do you really believe your propaganda or is it just absentmindedly parroting pro permanent war talking points?
What would you call the ridiculous claim that Ukraine started the war? Who else does that serve but Russia?
He demands $500bn of rare earth minerals, insists that Ukraine started the war by getting invaded and wants Zelensky to be replaced by a Russian puppet. It's amazing how the US went from the defender of the free world to just another thug.
2 replies →
"it's hardly likely that pedo rings or rape gangs will be top of the list of priorities".... is this not one of the most disturbing, disgusting, psychologically troubling and damning ideas ever to be put to words/brought to awareness? . Right up there "let's meticulously plan out this horrific, atrocious, dehumanizing act and meditate upon the consequences, and then choose the most brutal and villainous option". Dear Lord....
People are extremely opposed to pedos, so they're a primary rationalization for oppressive technology. But then you have two problems.
First, pedos know everybody hates them, so they take measures normal people wouldn't in order to avoid detection, and then backdooring the tech used by everybody else doesn't work against them because they'll use something else. But it does impair the security of normal people.
Second, there aren't actually that many pedos and the easy to catch ones get caught regardless and the hard to catch ones get away with it regardless, which leaves the intersection of "easy enough to catch but wouldn't have been caught without this" as a set plausibly containing zero suspects. Not that they won't use it against the ones who would have been caught anyway and then declare victory, but it's the sort of thing that's pretty useless against the ones it's claimed to exist in order to catch, and therefore not something it can be used effectively in order to do.
Whereas industrial espionage or LOVEINT or draining grandma's retirement account or manipulating ordinary people who don't realize they should be taking countermeasures -- the abuses of the system -- those are the things it's effective at bringing about, because ordinary people don't expect themselves to be targets.
> is this not one of the most disturbing, disgusting, psychologically troubling and damning ideas ever to be put to words/brought to awareness? .
Hmm? Hell has depths. Your yard might be a little too short to measure them? In that case, just think about this: rape is probably most common in prisons, where you will send innocents the moment this dragnet thing glitches.
Furthermore, one UK head of state call everyone supporting encryption pedophiles
https://x.com/BenWallace70/status/1892972120818299199
Just to be clear: Wallace is not a head of state, or even an MP any more. At one point, he was Secretary of State for Defence, a Cabinet position, however he resigned this in 2023.
This doesn’t justify his position (it’s stupid) but he doesn’t speak for the current government.
To clarify a bit further, the UK head of state is King Charles III, as he is for a bunch of other countries in the Commonwealth.
Head of state in the UK is a bit weird compared to countries that abolished or never had a monarchy.
6 replies →
> one UK head of state
What on earth are you talking about?
Charles III is head of state, and before that, Liz II. The monarch absolutely does not get involved in politics.
>> The monarch absolutely does not get involved in politics.
The monarch picks the Prime Minister, no? That seems pretty involved.
1 reply →
Ironic.
And that's why it is so important to nip this "pedo" / "think of the children" crap right in the bud.
Obviously pedos on the interwebs are bad, but hey as long as it's just anime they're whacking off to I don't care too much. But the real abuse, that's done by - especially in the UK - rich and famous people like Jimmy Savile. And you're not gonna catch these pedos with banning encryption, that's a fucking smokescreen if I ever saw one, you're gonna catch them with police legwork and by actually teaching young children about their bodies!
> But the real abuse, that's done by - especially in the UK - rich and famous people like Jimmy Savile
Jimmy Savile was a vile predator. He was protected by the inane customs of the British ruling class.
He was not alone among the toffs of England.
But do not be mistaken. It is not just the rich and powerful where you find sexual predators. They exist at all levels of society, all genders, most ages (I will except infants and the aged infirm....)
Jimmy Savile was a symptom of something much darker, much worse and widespread.
4 replies →
https://xcancel.com/BenWallace70/status/1892972120818299199
Thank you.
[dead]
> technical literacy amongst the political establishment who consistently rely on the fallacy that having nothing to hide means you have nothing to fear.
That's an awfully generous assessment on your part. Kindly explain just what "technical literacy" has to do with the formulation you note. From here it reads like you are misdirecting and clouding the -intent- by the powerful here.
Also does ERIC SCHMIDT an accomplished geek (who is an official member of MIC since (during?) his departure from Sun Microsystems) suffers from "technical literacy" issues:
https://news.ycombinator.com/item?id=983717
Thank you in advance for clarifying your thought process here. Tech illiteracy -> what you got to hide there buddy?
I feel like the comment was clear, technical illiteracy leads politicians to believe that they'll be the only ones with access to this backdoor, which isn't true.
The comment's clarity was not questioned. You are passing around the same tired line that because politicians do not understand technology and how it can be used against anyone. Sure computers are new but communication technology is not. All a politician needs to understand is "capability". That is it. "We can read their communications", no degree in CS required. Also, they have power geeks advising them left and right. They know "capabilities" can be misused. They know this.
Is this clear?
1 reply →
It isn't necessarily the case that they all care if criminals can get in to the average person's data so long as the authorities also can.
Yeah. Not buying it. They know, or someone smart enough told them that backdoors can be accessed by anyone with enough skill. They just don't care because the people that are asking for this are criminals already and wanting profit off of other people's data.
Let me offer a possible example that might be more in line with the HN commenting guideline about interpreting people's comments as charitably as reasonably possible:
My password manager vault isn't exactly something to hide in the political sense, but it's definitely something I would fear is exposed to heightened risk of compromise if there were a backdoor, even one for government surveillance purposes. And it's a reasonable concern that I think a lot of people aren't taking seriously enough due, in part, to a lack of technical literacy. Both in terms of not realizing how it materially impacts everyday people regardless of whether they're up to no good, and in terms of not realizing just how juicy a target this would be for agents up to and including state-level adversaries.
As for Eric Schmidt, he's something of a peculiar case. I don't doubt his technical literacy, but the dude is still the head of one of the world's largest surveillance capitalist enterprises, and, as the saying goes, "It is difficult to get a man to understand something when his salary depends on his not understanding it."
> Especially in the UK which operates as a paternalistic state and enjoys authoritarian support across all parties.
This seemed strange to point out. It’s not really any more or less “paternalistic” than most western nations including the US.
Folks in the United States aren't routinely arrested for Facebook posts.
The AP News was just kicked out of press conferences for not using the government-preferred term for the Gulf of Mexico. The new director of the FBI is pledging to go after members of the press that he doesn't like. The US is jumping headfirst in the "bad speech isn't free" direction in the past month.
Of course they are. Violent threats and admitting illegal activity on social media can lead to arrests in the US. By being so unspecific your comment does not really foster good discussion on the topic. You should describe what kind of posts they are being arrested for and which laws/protections in the UK you are specifically criticizing.
They're not arrested for posting on Facebook. They're arrested for _what_ they're posting on Facebook.
7 replies →
There are limits to speech in every country, including the US. What I always find baffling is the sheer arrogance of Americans, that the only way to be a free and democratic country is their way, to the extent that they send their elected representatives to Germany of all places to implicitly argue for the legalisation of the Hitler salute.
Meanwhile their country has slid into fascism. Sad and tragic.
If you see a red car driving down the street do you not call it red because there are many other red cars? They're adding color (pun intended) to their description of the general bias of the UK government. What you're doing is called Whataboutism - the argument that others are doing something similar or as bad in different contexts. It doesn't make what the UK is doing any less bad for citizens (and non-citizens) privacy or data sovereignty.
You don't say it's "especially" red then do you. The comparison was started by the GP.